Microsoft Patch on Tuesday, May 2020 Edition
Today, Microsoft released software updates to fix at least 111 security holes in Windows and Windows programs. So far, none of the vulnerabilities have been reported as public or detailed, but as always, if you are using Windows on one of your computers, it is time to prepare for the redistribution of the patches.
is the third month in a row that Microsoft is urging the company to fix more than 110 security holes in its operating system and related software. At least 16 bugs are marked as critical, meaning that non-He can be used to install malware or to remotely control vulnerable systems with little or no help from users. Browse around here Outsource hosting support.
However, by focusing only on the seriousness of Microsoft’s evaluations, the seriousness of the shortcomings addressed this month can be obscured. Todd Schell, senior product manager at security vendor Ivanti, notes that when looking at the usability rating associated with each patch – the extent to which Microsoft believes that each patch can and will be used for malicious purposes – it makes sense to pay equal attention to vulnerabilities that Microsoft has identified with a lower severity, namely Important.
Almost all of this month’s non-critical flaws were considered important by Microsoft.
What is interesting and often overlooked is that only seven out of ten [castles] with a higher operating risk are considered significant, according to Shell. Critical vulnerabilities are often perceived as the most disturbing, but many of these vulnerabilities are classified as important or critical.
For example, Tenable’s Satnam Narang discovered that two remote code execution vulnerabilities in Microsoft Color Management (CVE-2020-1117) and Windows Media Foundation (CVE-2020-1126) can be exploited by asking a user to open a malicious attachment or open a website that contains code designed to exploit vulnerabilities. However, Microsoft believes that these vulnerabilities are less comparable on the basis of their exploitability index.
However, the three weaknesses in the prerogatives most likely to occur have also been addressed, Naranga said. These include a number of significant defects in Win32k (CVE-2020-1054, CVE-2020-1143) and a defect in the graphics component of Windows (CVE-2020-1135). Vulnerabilities Privilege escalation is exploited by attackers after they have gained access to the system to execute code on high privilege target systems. There are at least 56 such corrections in the May issue.
Shell says if your company’s patch prioritisation plan this month focuses on vendor severity or even CVSS scores above a certain level, you may need to reassess your performance.
He advises you to refer to other risk parameters, such as public disclosure, exploitation (of course) and Microsoft-specific exploitability assessment to extend your prioritisation process.
As usual, Adobe has released updates for some of its products every Tuesday of the month. The update for Adobe Acrobat and Adobe Reader includes two dozen critical and important vulnerabilities. There are no security patches for the Adobe Flash Player released this month.
I just want to remind you that although many of the vulnerabilities fixed in the current Microsoft patch package affect the Windows 7 operating system – including the three zero-day bugs – this operating system is no longer supported by security updates (unless you are an organization using the paid Microsoft Advanced Security Update Program, which is available to Windows 7 Professional and Windows 7 Enterprise users).
If you depend on Windows 7 for your daily work, it’s time to think about something new. That something could be a PC with Windows 10. Or maybe you’ve always wanted that brilliant MacOS computer.
If cost is the main motivating factor and the user, you mean, doesn’t do much with the system except surf the web, maybe Chromebook or an old machine with a newer version of Linux is the answer (Ubuntu may be easier for non-Linux residents). Whichever system you choose, it is important to choose one that meets the owner’s needs and ensures that the security system is constantly updated.
Remember, when updating a Windows patch, make sure it is not updated before you have backed up important data and files. Reliable backup means you won’t lose your head if a strange patch doesn’t cause system boot problems.
Be sure to back up your files before installing patches. Windows 10 even has built-in tools to help you do this, either individually for each file/folder, or by making a full boot copy of your hard drive at once.
And if you want to make sure that Windows is configured to pause updates so that you can back up your files and/or system before the operating system decides to restart and apply patches according to your own schedule, read this manual.
As always, if you had any glitches or problems installing any of these patches this month, you may want to consider leaving a comment below; other readers may have experienced the same thing and give some useful tips here. Also keep an eye on Woody Leonhard’s AskWoody blog, which tracks bug-based Microsoft updates every month.
Further lecture :
SANS Internet Attack Center based on vulnerability and severity
Directory of Microsoft security updates
Computer sleep in May 2020. Tuesday Patch
*** It’s the Krebs on Security network of union bloggers, written by BrianKrebs. The original message can be found at the following address: https://krebsonsecurity.com/2020/05/microsoft-patch-tuesday-may-2020-edition/.january 2020 microsoft patch tuesday,critical microsoft updates,microsoft security patches february 2020,microsoft patch schedule,microsoft patch process,microsoft security patch news,feb security patch 2020,microsoft security patch download